What is BetterCAP?
BetterCAP is a powerful tool to perform various types of Man-In-The-Middle attacks against a network, manipulate HTTP and HTTPS traffic in real time and much more.
Some of the main features include:
- Full and half duplex ARP spoofing.
- The first real ICMP DoubleDirect spoofing implementation.
- Configurable DNS spoofing.
- Real-time and completely automated host discovery.
- Real-time credentials harvesting for protocols such as HTTP(S) POSTed data, Basic and Digest Authentications, FTP, IRC, POP, IMAP, SMTP, NTLM (HTTP, SMB, LDAP, etc.) and more.
- Fully customizable network sniffer.
- Modular HTTP and HTTPS transparent proxies with support for user plugins + built-in plugins to inject custom HTML code, JS or CSS files and URLs.
- SSLStripping and HSTS bypass.
- Built-in HTTP server.
And much more!
Yet another MITM tool? C'mon, really?!!?
This is exactly what you are thinking right now, isn't it? :D But allow yourself to think about it for 5 more minutes ... what you should really be asking is:
Does a complete, modular, portable and easy to extend MITM tool actually exist?
If your answer is "ettercap", let me tell you something:
- Ettercap was a great tool, but it has had its day.
- Ettercap filters do not work most of the time, are outdated and hard to write because of the specific language they have to be written in.
- Ettercap is freaking unstable on big networks ... try to launch the host discovery on a network bigger than the usual /24 ;)
- Yeah you can see connections and raw pcap stuff, nice toy, but as a professional researcher I want to see only relevant stuff.
- Unless you're a C/C++ developer, you can't easily extend ettercap or make your own module.
Moreover:
- Ettercap's and MITMf's ICMP spoofing is completely useless, ours is not.
- Ettercap does not provide a built-in and modular HTTP(S) transparent proxy, we do.
- Ettercap does not provide a smart and fully customizable credentials sniffer, we do.